1   /* Copyright 2004 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.vote;
17  
18  import java.util.List;
19  import java.util.Vector;
20  
21  import junit.framework.TestCase;
22  
23  import org.acegisecurity.AccessDeniedException;
24  import org.acegisecurity.ConfigAttributeDefinition;
25  import org.acegisecurity.GrantedAuthority;
26  import org.acegisecurity.GrantedAuthorityImpl;
27  import org.acegisecurity.SecurityConfig;
28  import org.acegisecurity.providers.TestingAuthenticationToken;
29  
30  
31  /***
32   * Tests {@link UnanimousBased}.
33   *
34   * @author Ben Alex
35   * @version $Id: UnanimousBasedTests.java,v 1.6 2005/11/30 01:23:34 benalex Exp $
36   */
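public class UnanimousBasedTests extends TestCase {
    // Fixture overview: every decision manager built by this class polls three
    // voters, in this order: a RoleVoter, a DenyVoter and a DenyAgainVoter.
    // DenyVoter and DenyAgainVoter are test voters defined outside this file;
    // the inline "grant"/"deny"/"abstain" notes on the config attributes
    // record the votes the test names expect from them.
    // NOTE(review): confirm those notes against the voter classes themselves.

    //~ Constructors ===========================================================

    /**
     * Creates an unnamed test case.
     */
    public UnanimousBasedTests() {
        super();
    }

    /**
     * Creates a test case with the given name.
     *
     * @param arg0 the test name handed to {@link TestCase}
     */
    public UnanimousBasedTests(String arg0) {
        super(arg0);
    }

    //~ Methods ================================================================

    /**
     * Delegates to {@link TestCase#setUp()}. The class keeps no fields, so
     * every test builds its own token and decision manager.
     */
    public final void setUp() throws Exception {
        super.setUp();
    }

    /**
     * Runs this test class with JUnit's text UI runner.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        junit.textui.TestRunner.run(UnanimousBasedTests.class);
    }

    /**
     * A single deny vote must veto the decision even though the principal
     * holds <code>ROLE_1</code>: unanimity means one objection is enough.
     */
    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess()
        throws Exception {
        TestingAuthenticationToken auth = makeTestToken();
        UnanimousBased mgr = makeDecisionManager();

        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
        config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny

        assertAccessDenied(mgr, auth, config);
    }

    /**
     * One affirmative vote with every other voter abstaining grants access.
     */
    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
        throws Exception {
        TestingAuthenticationToken auth = makeTestToken();
        UnanimousBased mgr = makeDecisionManager();

        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant

        // Pass condition: decide() returns without AccessDeniedException.
        mgr.decide(auth, new Object(), config);
    }

    /**
     * A role the principal does not hold produces a deny vote, and that deny
     * is not outweighed by the abstaining voters.
     */
    public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
        throws Exception {
        TestingAuthenticationToken auth = makeTestToken();
        UnanimousBased mgr = makeDecisionManager();

        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
        config.addConfigAttribute(new SecurityConfig("ROLE_WE_DO_NOT_HAVE")); // deny

        assertAccessDenied(mgr, auth, config);
    }

    /**
     * With the role prefix set to <code>FOOBAR_</code>, attributes carrying
     * that prefix are matched against the principal's authorities and access
     * is granted.
     */
    public void testRoleVoterPrefixObserved() throws Exception {
        TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
        UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();

        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
        config.addConfigAttribute(new SecurityConfig("FOOBAR_1")); // grant
        config.addConfigAttribute(new SecurityConfig("FOOBAR_2")); // grant

        // Pass condition: decide() returns without AccessDeniedException.
        // NOTE(review): only the positive case is covered; nothing here shows
        // what happens to attributes that lack the configured prefix.
        mgr.decide(auth, new Object(), config);
    }

    /**
     * Pins the fail-closed default: when no voter recognises the attribute,
     * access is denied unless the manager has been reconfigured.
     */
    public void testThreeAbstainVotesDeniesAccessWithDefault()
        throws Exception {
        TestingAuthenticationToken auth = makeTestToken();
        UnanimousBased mgr = makeDecisionManager();

        assertFalse("allowIfAllAbstainDecisions should default to false",
            mgr.isAllowIfAllAbstainDecisions()); // check default

        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain

        assertAccessDenied(mgr, auth, config);
    }

    /**
     * With <code>allowIfAllAbstainDecisions</code> switched on, an attribute
     * that no voter recognises results in access being granted.
     *
     * <p>This is the fail-open setting: as the test shows, an attribute every
     * voter ignores no longer blocks the request, so a misspelled attribute
     * would stop protecting its resource. The default of <code>false</code>
     * is the conservative choice.</p>
     */
    public void testThreeAbstainVotesGrantsAccessWithoutDefault()
        throws Exception {
        TestingAuthenticationToken auth = makeTestToken();
        UnanimousBased mgr = makeDecisionManager();
        mgr.setAllowIfAllAbstainDecisions(true);
        assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed

        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain

        // Pass condition: decide() returns without AccessDeniedException.
        mgr.decide(auth, new Object(), config);
    }

    /**
     * Two attributes that both match held roles grant access.
     */
    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
        throws Exception {
        TestingAuthenticationToken auth = makeTestToken();
        UnanimousBased mgr = makeDecisionManager();

        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant

        // Pass condition: decide() returns without AccessDeniedException.
        mgr.decide(auth, new Object(), config);
    }

    /**
     * Asserts that the manager rejects the request with an
     * {@link AccessDeniedException}; any other outcome fails the test.
     */
    private void assertAccessDenied(UnanimousBased mgr,
        TestingAuthenticationToken auth, ConfigAttributeDefinition config) {
        try {
            mgr.decide(auth, new Object(), config);
            fail("Should have thrown AccessDeniedException");
        } catch (AccessDeniedException expected) {
            // Denial is the outcome under test; nothing further to check.
        }
    }

    /**
     * Builds a manager whose RoleVoter is left at its default configuration.
     */
    private UnanimousBased makeDecisionManager() {
        return makeDecisionManager(new RoleVoter());
    }

    /**
     * Builds a manager whose RoleVoter uses the <code>FOOBAR_</code> prefix.
     */
    private UnanimousBased makeDecisionManagerWithFooBarPrefix() {
        RoleVoter roleVoter = new RoleVoter();
        roleVoter.setRolePrefix("FOOBAR_");

        return makeDecisionManager(roleVoter);
    }

    /**
     * Wires the given RoleVoter together with the two deny voters, in the
     * order RoleVoter, DenyVoter, DenyAgainVoter.
     */
    private UnanimousBased makeDecisionManager(RoleVoter roleVoter) {
        UnanimousBased decisionManager = new UnanimousBased();
        List voters = new Vector();
        voters.add(roleVoter);
        voters.add(new DenyVoter());
        voters.add(new DenyAgainVoter());
        decisionManager.setDecisionVoters(voters);

        return decisionManager;
    }

    /**
     * Token for principal "somebody" holding ROLE_1 and ROLE_2.
     */
    private TestingAuthenticationToken makeTestToken() {
        return makeToken("ROLE_1", "ROLE_2");
    }

    /**
     * Token for principal "somebody" holding FOOBAR_1 and FOOBAR_2.
     */
    private TestingAuthenticationToken makeTestTokenWithFooBarPrefix() {
        return makeToken("FOOBAR_1", "FOOBAR_2");
    }

    /**
     * Builds the fixture token with exactly the two named authorities.
     */
    private TestingAuthenticationToken makeToken(String firstAuthority,
        String secondAuthority) {
        return new TestingAuthenticationToken("somebody", "password",
            new GrantedAuthority[] {
                new GrantedAuthorityImpl(firstAuthority),
                new GrantedAuthorityImpl(secondAuthority)
            });
    }
}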